As the Hurt Locker file-sharing lawsuit drags on, residents from across the US …

IP addresses have real uses when it comes to identifying Internet activity, but they work best when paired with targeted investigation rather than as “spray-and-pray” shotgun-style federal litigation. Case in point: The Hurt Locker lawsuit, in which film producers Voltage Pictures have partnered with Virginia lawyers Dunlap, Grubb, and Weaver to pursue thousands of file-sharers who allegedly exchanged copies of the movie. The case has ground on for more than a year already, and the DC District Court’s docket is absolutely stuffed with letters from across the country, many claiming total innocence.

The letters have all fallen on the deaf ears of Beryl Howell, the RIAA lobbyist-turned-federal-judge who took over the case several months back. Howell has consistently denied these objections, saying that the only proper time to make them is later in the case after defendants have been individually named.

It’s impossible to vet the claims made in these letters, of course, but they do remind us just how opaque IP addresses can be; trying to use them like a window through which you can peek to see a particular downloader hunched over a screen is often futile. What you see instead is a machine—a router or wireless access point—that often tells you surprisingly little about who might have “done it.” Here’s a collection of just some of the many objections filling the Hurt Locker docket. Confusion is palpable in many of them as people wonder why they’re being targeted and struggle to figure out what an “open WiFi network” is and why it might cause them problems.

The Pinestead Reef Resort in Traverse City, Michigan:

We object to the suit given the fact that we operate a Timeshare resort named Pinstead Brief Resort that is 46 units all of which have a Wi-Fi connection using our IP address. We have numerous users at various times and are unable to monitor or control what they are doing on the computer in their room… I can assure you that the movie was not downloaded from any of the 5 computers that we use in our office on a daily basis.

Michelle from Farmington, Minnesota:

I did not download this movie. I had a wireless router on my computer at the time the Plaintiff alleges that their movie was downloaded by my IP address. Charter had notified me at that time that the download may have been done from my IP address and I removed the wireless router to avoid any further activity.

Steven from Cleveland, Tennessee:

I have no idea why my account info/IP address is associated with this action. I have not downloaded nor certainly have not [sic] distributed any copyrighted material such as “Hurt Locker,” named in this action.

MidAtlanticBroadband Hospitality Services of Baltimore, Maryland:

MidAtlanticBroadband Hospitality Services is filing an objection to provide information as our information is irrelevant, as we are not the end-user nor do we have any information related to the actual usage of this IP address.

Ryan from Waunakee, Wisconsin:

I have no knowledge of the alleged movie download. I had a problem with my network security settings in the past which has recently been upgraded and password-protected. I am sorry for any damages or misfortune the Plaintiff has incurred.

A woman named Sarah, no address given:

I am objecting to the disclosure and release of my identifying information by Charter Communications Inc. on the grounds that I’m not the owner nor have I ever owned the computer with the MAC IP address [sic] that they are claiming illegally downloaded the copyrighted work. When this download took place I was living in a college apartment with roommates and we all shared the wireless network. I had opened the account and my roommates each paid me a portion of the monthly bill since we all shared the same wireless network. When I contacted Charter Communications Inc. regarding the subpoena to inform them they had the wrong person named for the download they said it could have been anyone in the apartment complex and that I was named as a potential defendant due to my being the one that set up the account.

Ann from St. Louis, Missouri:

As a soon to be 70-year-old woman, I can assure the court that I have neither downloaded or distributed ANY copyrighted work as alleged in this lawsuit. Thank you for your consideration.

Rick from St. Louis, Missouri:

I did not download this movie. From a telephone conversation with Charter Communications’ technical customer service I learned it is possible someone outside my home may have compromised the IP address and downloaded the movie without my knowledge.

Charter further advised me to place a lock on the wireless router to help prevent people from hacking into the system and using my IP address. This has now been done.

Take pay cuts over the past years, having a disabled wife and struggling to support a family, I do not have the money to hire an attorney to protect myself especially in this case where I did nothing wrong.

Ed from Sauk Rapids, Minnesota:

Up until currently my wireless router had only the default security set and no encryption enabled. I live in a large neighborhood where many people could have purposely or inadvertently connected to this access point. My children are 11 and 7 and are not computer savvy to be able to do this. I have also spoken to them about piracy of media since. I do apologize to the complainant that connection [sic] was involved in this activity.

Gabriel from San Gabriel, California:

All of the equipments [sic] in our home have been provided and connected by Charter Communications, Inc. I do not own any wireless equipment. I do not download movies or music from any computer or any equipment. I do not engage in copying music or movies. I am not in the business of selling any form of media. I have not had any guests that engage in any illegal activities. I strongly oppose all illegal copying of any copyrighted materials.

Arcadiana Cable Advertising from Opelousas, Louisiana:

We’re a small company with 6 employees, and do not have any sort of IT personnel, therefore, our wireless router is not a password-protected router. We have seen several individuals in the parking lot obviously using our unprotected service. Furthermore, the time of infringement was 7:40 AM. Our business opens daily at 8:30 AM, thereby making that time highly suspect.

Richard from Peru, New York:

[Explaining a problem with his Vonage setup that Routinely required a router reset.] This process would open up our wireless network to anyone since it removed the encryption to our wireless network. Our wireless router could be open to the public for days before I would notice that it was not protected areas would normally caught my attention, that are wireless network was open, was how slow it was during typical web browsing…

I truly believe that no person that is part of my family downloaded the copyrighted work known as Hurt Locker. I have searched all the computers within my residence and have not found a file or folder with that name. I also know that is NOT a typical movie that my family members would watch. Being a Gulf War Veteran, I have no desire to watch such a movie. Just like the movie Blackhawk Down, I heard it was a good movie but I will never watch it, another movie that is too close to home.

Currently we have purchased just over 500 DVD and Blue Ray [sic] movies which in itself should indicate that we support the movie industry. We also have a current Netflix account and a Charter account.

A clue

The issue isn’t limited to P2P litigation, either. The Electronic Frontier Foundation this week pointed out the story of a US resident raided by Immigrations and Customs Enforcement (ICE) for running a Tor exit node—a computer that dumps anonymized traffic from the Tor network back onto the public Internet. Officers traced some offending Internet activity back to the exit node’s IP address, but that traffic had nothing to do with the man who ran the node.

”An IP address doesn't automatically identify a criminal suspect,” wrote the EFF’s Marcia Hofmann. “Sometimes a router's IP address might correspond fairly well to a specific user—for example, a person who lives alone and has a password-protected wireless network… But in many situations, an IP address isn't personally identifying at all.”

Calling an IP address no more than a “clue,” Hofmann suggests that “an IP address alone is not probable cause that a person has committed a crime. Furthermore, search warrants executed solely on the basis of IP addresses have a significant likelihood of wasting officers' time and resources rather than producing helpful leads.”

We’ve seen plenty of serious investigations, often involving child pornography, in which IP addresses proved decisive in linking a forum user’s online username to a real person. Others, unfortunately, have led to raids on the wrong home.

An IP address is a starting point for investigation, not evidence of guilt, but the current string of massive P2P file-sharing cases across the country aren’t relying on thorough investigation to make their claims; the “settle up now or risk $150,000 in court judgements and legal fees” letters fly out of the law offices behind these cases, and it is these settlements that are the true business model behind such fishing expeditions. When non-technical people are threatened with thousands of dollars in legal fees simply to assert their own innocence or even the court’s total lack of jurisdiction, settlement can look like a rational option even if you know nothing about the charges. Based on an IP address, this hardly sounds like robust justice, and it's no wonder that plenty of other judges not formerly employed by the entertainment industry have cut these cases off wholesale.

Stuff like this terrifies me because as a systems administrator for an ISP, because we get 4-5 of the letters a year. Our job has been to forward them on to the person who leases the connection, but often individuals down the chain are given from a DHCP pool that changes frequently as we move or upgrade equipment. So the guy who had IP xx.nn on May 1st would likely have a different IP on June 30th. On top of that, some of our customers are schools, businesses, and religious organizations who have no IT staff and are one hacked laptop away from being sued. And there's pressure for us to monitor connections, and that's just insane.

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

A think as a defense attorney, all I would have to say to tell a judge is that an IP address on an unsecured wireless router is absolute, rock solid evidence that someone living within 100 meters of that router, or someone passing through the area covered by that router on the day/time in question, or that someone somewhere else on the network spoofing the IP address of that router, did the deed.

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

Hurt Locker is an independent film. They only need to go by the law, not an agreement between two groups of corporations.EDIT:And this all predates the agreement, so the agreement's relevancy is tenuous at best.

A think as a defense attorney, all I would have to say to tell a judge is that an IP address on an unsecured wireless router is absolute, rock solid evidence that someone living within 100 meters of that router, or someone passing through the area covered by that router on the day/time in question, or that someone somewhere else on the network spoofing the IP address of that router, did the deed.

Problem is, this is not a criminal lawsuit where you are presumed innocent and the prosecution has to prove your guilt beyond all reasonable doubt.

This is a civil suit, where the burden of proof lies upon your shoulders, so you have to hire your own attorney and provide concrete evidence that you didn't commit whatever you're being accused of.

Hurt Locker is an independent film. They only need to go by the law, not an agreement between two groups of corporations.EDIT:And this all predates the agreement, so the agreement's relevancy is tenuous at best.

I doubt the agreement between the corporations makes any mention of whether or not they will stop suing users anyway.

It was a pretty mediocre movie indeed. And that's what the suit has resulted from -- the director (or producer?) thought his work was way better than what it was, so when it didn't make any money, he decided to retaliate. Suing people associated with IP addresses downloading the movie is the most surefire way of getting more money.

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

The United States is MUCH bigger than the countries you've mentioned. It's a lot harder to organize something like that than you think, especially to the point that politicians would be worried..

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

The United States is MUCH bigger than the countries you've mentioned. It's a lot harder to organize something like that than you think, especially to the point that politicians would be worried..

Yeah we don't really have a situation where 95% of the country's population resides in 2 or 3 dense cities. We're pretty spread out. Plus, we're easily distracted by other things -- "I hate what the government's doing to us...hey Steve Jobs resigned!"

A think as a defense attorney, all I would have to say to tell a judge is that an IP address on an unsecured wireless router is absolute, rock solid evidence that someone living within 100 meters of that router, or someone passing through the area covered by that router on the day/time in question, or that someone somewhere else on the network spoofing the IP address of that router, did the deed.

Problem is, this is not a criminal lawsuit where you are presumed innocent and the prosecution has to prove your guilt beyond all reasonable doubt.

This is a civil suit, where the burden of proof lies upon your shoulders, so you have to hire your own attorney and provide concrete evidence that you didn't commit whatever you're being accused of.

That isn't true. The burden of proof is still on the accuser, it's just that the standard of proof in a civil case isn't as high as in a criminal case. In a criminal case it's "beyond a reasonable doubt" whereas in a civil case it's a "preponderance of evidence." I would hardly call an IP address alone a "preponderance of evidence." It's a clue and nothing more.

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

Is lesson 102 about spelling and grammar?

Does lesson 201 teach you how to say something original or insightful instead of just repeating shit you saw on a movie poster?

It was a pretty mediocre movie indeed. And that's what the suit has resulted from -- the director (or producer?) thought his work was way better than what it was, so when it didn't make any money, he decided to retaliate. Suing people associated with IP addresses downloading the movie is the most surefire way of getting more money.

It was a pretty mediocre movie indeed. And that's what the suit has resulted from -- the director (or producer?) thought his work was way better than what it was, so when it didn't make any money, he decided to retaliate. Suing people associated with IP addresses downloading the movie is the most surefire way of getting more money.

The heavy number of downloads was due to it being so hard to find theatrically. Something the producers should be taking major studios and theater owners to task about.

I thought it was because the movie was leaked in a DVD-quality format before it was released in theaters. I agree that it garnered a few accolades, but in my opinion that was pretty much only because it was a "quality" independent film.

Didn't the MPAA just recently come to an agreement with ISPs to gradually warn users and eventually throttle bandwidth when they have detected filesharing activity? So what, now they have a way to throttle our internet connection without any kind of judicial review and they are going to continue to sue the pants off everyone too?

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

The United States is MUCH bigger than the countries you've mentioned. It's a lot harder to organize something like that than you think, especially to the point that politicians would be worried..

Bloody rights, if you live in the USA, you reap what you sow. So get off your ass and start doing something about it instead of complaining here. It seems a lot of you that live in the USA think that the government and Corporations read these posts. The Internet is powerful, band together in your state and send email petitions with thousands of names as a start. Just quit WHINING and do something. Go out in the street and demonstrate it still works for the French. Heres the situation in a nut shell. Your afraid of the government, but it should be the other way around. The government should fear you. All you guys do now is throw up your arms and say "What can I do about it", with that attitude you've already given up and the power brokers have won. You don't think the rioting in Britain scares the shit out of the politicians, you bet it does because where are the politicians going to hide if you get pissed off. Lesson 101 How to take back your country, and quit being a whimp.

Is lesson 102 about spelling and grammar?

Does lesson 201 teach you how to say something original or insightful instead of just repeating shit you saw on a movie poster?

Name of the movie poster please. Furthermore, why should anyone care about spelling or grammar in these comment sections?

I see Charter mentioned here, several times. My mother (who is several hours away from me) uses them -- they had setup a wireless router for her about a month back, as they only "support" their own equipment. I later learned that the tech has set it up with WEP. Yes, WEP.

This was confirmed by their customer service area (who I called as a proxy for my mom) and that this is a normal setup that the techs use. I told them that, in 2011, techs setting up WEP for security should be completely unacceptable and even cited lawsuits like this as an example. Btw, we had another tech go back out and setup WPA2 for her.

One thing I haven't seen a lot of press on is the connection between this sort of article and IPv6. What does everyone think is going to happen with cases like this when every light bulb on the planet has an IP address, on top of every computer? A lot of these "IP =/= computer =/= person" arguments kind of go out the window. I guess "computer =/= person" still applies, but it will be much harder to break the link.

I'm not trying to be some paranoid nut; I see huge benefits that will come about when IPv4 is dead. But I do think it's an interesting talking point with respect to all of these intellectual property lawsuits going on right now.

"The letters have all fallen on the deaf ears of Beryl Howell, the RIAA lobbyist-turned-federal-judge who took over the case several months back. Howell has consistently denied these objections, saying that the only proper time to make them is later in the case after defendants have been individually named."

Part of the problem, though is that as a "clue" it's useless, since without getting a judge to authorize it, you can't pursue that "clue". Look these lawyers may be great, or they may be scum, I don't know. But for all of the anecdotal evidence that there are *lots* of people who aren't identifiable by IP address, I would think that there are statistically, *lots* of people who are either directly or indirectly identifiable using this method. That is, most of the IP addresses don't belong to hotels etc.

The vitriol is being lobbed at this type of case, not because IP address identification as a "clue" is wrong, but because fundamentally you don't agree that they should be pursuing intellectual property infringement of this kind *at*all*. In the article it discusses how *valuable* this evidence is in pursuing child pornography cases, but the investigators in these civil suits don't have access to the same tools that the police do in investigating criminal cases. (and rightly so)

I think if you're going to criticize this type of investigation, it should be on two bases:

1. This type of case is wrong, no matter how you investigate it.

2. The investigators should do "these specific steps" in order to find the person who was allegedly infringing, instead of using IP addresses.

If you don't start with the assumption that these cases are just "wrong", then you start to realize that these guys aren't necessarily being lazy or stupid, they literally don't have much else to go on, and they need to get the courts to help them move their cases along.